Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They have also written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software update.

Dades wrote on Aug 9, 2012, 19:28: Good job to the chumps who kept blaming users and insisted authenticators were bullet proof before. No way Blizzard could be the ones compromised, it's just users downloading porn and torrents who don't know how to secure their computar!

Authenticators were never bulletproof, but two-factor authentication is much better than single factor. You know that, right? As it stands, using SRP is nearly impossible to break. Unless they also have access to the salted-hash tables for each user's password. If you don't understand how SRP works you can read about it here: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

Besides, I already saw someone mention RSA. Too bad someone had to steal both the source code and the key creation layer in order to break their tokens. Blizz uses Vasco, and the key creation is open source on that.

The only thing that was taken that could have compromised mobile authenticators would be a hashing table. But that still doesn't affect physical ones.

Besides, I'd hazard a guess that blizz is smarter on this front than Sony. And this is the last two weeks to 30 days. If it wasn't, they'll be upstream paddling over it otherwise. And they'll also have to answer to their investors over it.

Julio wrote on Aug 9, 2012, 19:36: I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.